search

MohGovIL / hamagen-react-native

Israel's Ministry of Health's COVID-19 Exposure Prevention App
https://health.gov.il/
MIT License
508 stars 153 forks source link

Missing ensuring { exists in signatureLength variable (check -1 returned for indexOf call) #276

Closed emanuelb closed 4 years ago

emanuelb commented 4 years ago

The call to const signatureLength = data.indexOf('{'); doesn't check that { exists in the string (it's assuming so without checking the return value is not -1) thus: signature will be all the string without last char jsonB64 will be last char in string, which will be passed to JSON.parse, number 0-9 is a single valid char for json. so data like: [sig]X where X is number and [sig] is signing of number X, will pass verification.

https://github.com/MohGovIL/hamagen-react-native/blob/14dd43b9e0c502497969c836ba591d51989eb446/src/services/SigningService.ts#L13-L28

fix:

  1. check the return value of data.indexOf operation, abort if it's -1.
kaplanlior commented 4 years ago

Fixed at c2cfc6f2818a44f34f92b59cf276e53b7ed60ce6